Google warns Bitcoin encryption could break with fewer quantum resources than expected

As quantum computing advances, the cost of attacking Bitcoin may drop sharply.

In a new analysis, Google warns that crypto assets such as Bitcoin and Ethereum could be vulnerable to quantum attacks much earlier than previously estimated.

The study shows that quantum machines running Shor’s algorithm could solve the 256-bit Elliptic Curve Discrete Logarithm Problem (ECDLP) that secures most blockchains with fewer qubits and gates than previously estimated.

Google researchers estimate that 1,200–1,450 logical qubits and 70–90 million quantum gates could break Bitcoin’s 256-bit encryption, executable on fewer than 500,000 physical qubits in minutes.

These findings indicate that quantum attacks may be feasible much sooner than earlier estimates suggested.

Bitcoin wallets at risk

Future quantum threats to Bitcoin depend on which hardware scales first, according to Google. Fast systems may allow near-instant attacks during transactions, while slower systems would initially target stored funds.

As noted in the paper, key vulnerabilities include reused addresses, older wallet types, and public key exposure during transactions, with millions of BTC already at risk.

“On-spend” attacks, where a transaction is intercepted and exploited before confirmation, may be feasible within Bitcoin’s roughly 10-minute block window. That challenges the long-standing assumption that transaction fees and network speed would provide sufficient protection against quantum adversaries.

Dormant billions at risk

Apart from active transactions, the largest immediate target may be dormant holdings.

According to researchers, roughly 1.7 million Bitcoin, worth tens of billions of dollars, remain locked in early wallet formats known as P2PK, many of which are believed to be inaccessible due to lost keys.

These assets cannot be upgraded to quantum-resistant standards and could eventually be unlocked by whoever first gains access to a cryptographically relevant quantum computer, or CRQC.

That creates what analysts describe as a “fixed prize pool” for future attackers, ranging from state actors to private firms, and enforcement may prove difficult in a decentralized and global system.

Mining is safe, though not entirely

While quantum computers could threaten Bitcoin’s cryptography, Google notes that mining itself is not immediately at risk. Quantum speedups from Grover’s algorithm are limited, and conventional ASIC miners still dominate efficiency.

However, sudden attacks could disrupt the network’s economics. A successful quantum attack could depress Bitcoin’s value, reduce miner incentives, and compromise network performance and security.

Taproot upgrade improves privacy but exposes Bitcoin to quantum attacks

Google warns that Bitcoin’s cryptographic scripts could be targeted by quantum attacks.

Funds are controlled via UTXOs, public keys, and digital signatures, making exposure during spending a critical vulnerability.

Early and Taproot addresses are particularly exposed, while standard addresses retain some protection until used.

The report notes that Taproot represents a tradeoff between functionality and quantum safety and introduces P2MR as a future script type designed to retain Taproot benefits while reducing quantum risk.
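The exposure classes described above can be checked on a wallet's own unspent outputs. The following is an added example, not code from Google's paper or from any Bitcoin project: it sorts standard output scripts into those that publish a public key at rest (P2PK, Taproot) and those that hide it behind a hash until spent, and treats a hashed script that has already been spent from (address reuse) as exposed. The function names, the `spent_from` parameter and the sample scripts are constructed for illustration.

```python
# Added example: classify Bitcoin output scripts by public-key exposure.
AT_REST = "exposed-at-rest"    # public key is readable from the unspent output
ON_SPEND = "exposed-on-spend"  # only a hash is on-chain until the output is spent
UNKNOWN = "unknown"


def classify_script(spk: bytes):
    """Return (script_type, exposure) for a standard scriptPubKey."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG, so the raw key sits in the output.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        if spk[1] in ((0x02, 0x03) if n == 35 else (0x04,)):
            return "P2PK", AT_REST
    # P2TR: OP_1 <32-byte x-only output key>, which is a key rather than a hash.
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR", AT_REST
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", ON_SPEND
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "P2SH", ON_SPEND
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", ON_SPEND
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH", ON_SPEND
    return "nonstandard", UNKNOWN


def audit(utxos, spent_from=frozenset()):
    """Sum satoshis per exposure class for (script_hex, sats) pairs.

    spent_from: script hexes already spent from at least once (assumed input,
    e.g. from the wallet's own history); their keys or scripts are on-chain.
    """
    totals = {AT_REST: 0, ON_SPEND: 0, UNKNOWN: 0}
    for script_hex, sats in utxos:
        _, exposure = classify_script(bytes.fromhex(script_hex))
        if exposure == ON_SPEND and script_hex in spent_from:
            exposure = AT_REST  # address reuse: an earlier spend revealed the key
        totals[exposure] += sats
    return totals


# Constructed sample scripts (filler bytes, not real keys or hashes).
P2PK_HEX = "21" + "02" + "11" * 32 + "ac"
P2TR_HEX = "5120" + "22" * 32
P2PKH_HEX = "76a914" + "33" * 20 + "88ac"
P2WPKH_HEX = "0014" + "44" * 20
SAMPLE = [(P2PK_HEX, 5_000_000_000), (P2TR_HEX, 100_000),
          (P2PKH_HEX, 250_000), (P2WPKH_HEX, 75_000)]
```

Outputs reported as exposed at rest are the ones to prioritise when moving funds to fresh, unused addresses.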

37 million ETH at risk

Quantum computing could impact Ethereum more severely than Bitcoin, according to Google.

Smart contracts lack post-quantum cryptography, making code at rest vulnerable, while BLS signatures in Proof-of-Stake create systemic risks if a sufficient number of validators are compromised.

Ethereum layer 2 networks also rely on quantum-vulnerable KZG commitments, which could allow permanent backdoors.

Effective mitigation requires mass coordination, manual contract upgrades, faster key rotation, and a shift to post-quantum cryptography across the ecosystem.

Beyond Bitcoin and Ethereum

Quantum vulnerabilities extend far beyond Bitcoin and Ethereum, affecting forks, sidechains, privacy coins, and stablecoins, Google highlights.

Many chains still rely on ECDLP-based cryptography, leaving funds and privacy exposed, while multi-signature bridges and admin keys create additional risks.

Even privacy-preserving blockchains like Zcash or Mimblewimble can face retroactive attacks, enabling past transaction exposure or inflation exploits.

Full transition to post-quantum cryptography (PQC) is achievable

Blockchain platforms are increasingly hosting tokenized real-world assets, including bonds and real estate. With market projections exceeding $16 trillion by 2030, experts warn that quantum computing threats could become a systemic risk to the financial system as a whole.

While short-term mitigations, like key rotation and protocol updates, can reduce exposure, only migrating to PQC will provide lasting security against abrupt quantum threats, Google notes.

A full transition to post-quantum cryptography is possible, but only if the work starts now, Google researchers stress.

New cryptographic approaches, including lattice- and hash-based systems, are already being tested and rolled out in select networks.

Some projects, like QRL and Abelian, were built to be quantum-resistant from the start, while others, such as Algorand, Solana, and the XRP Ledger, are experimenting with quantum-safe integrations. The Ethereum Foundation has also intensified efforts to upgrade the core infrastructure for post-quantum security.

Google urges the crypto community to prepare for quantum attacks early, adopt PQC, fix short-term vulnerabilities, and responsibly share information to protect both funds and public confidence.

Disclosure: This article was edited by Vivian Nguyen. For more information on how we create and review content, see our Editorial Policy.
